WX3500H

Last updated: 2020-03-19

 


Display Client Info.

 

wlan client

display wlan client ?

  • ap                # Specify an AP
  • association       # Display association client information
  • frequency-band    # Specify a frequency band
  • mac-address       # Specify a client by its MAC address
  • service-template  # Specify a service template
  • status            # Client status
  • verbose           # Detailed information

# Client by AP

display wlan client ap ap19

Total number of clients: 19

MAC address    User name            AP name               R IP address      VLAN
????-????-???? N/A                  ap19                  3 172.16.1.127    1
....

# Client by SSID

display wlan client service-template 2

Total number of clients: 19

MAC address    User name            AP name               R IP address      VLAN
????-????-???? N/A                  ap19                  3 172.16.1.127    1
....

# Client by MAC

display wlan client status [mac-address H-H-H]

Total number of clients: 91

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID
????-????-????  N/A          N/A   26/19.5Mbps     0.00%    ap34               1

wlan ap

display wlan ap statistics online-record

Time                     Manual AP    Auto AP      Total        Total delta
2020-03-16/15:59:21      37           0            37           0
...

display wlan ap all

Total number of APs: 40
Total number of connected APs: 37
Total number of connected manual APs: 37
Total number of connected auto APs: 0
Total number of connected common APs: 37
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 219
Total AP licenses: 40
Remaining AP licenses: 3
Sync AP licenses: 0

                                 AP information
 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad
         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

AP name                        APID  State Model           Serial ID
ap1                            1     R/M   WA5530          ?????
...

wlan statistics

display wlan statistics client [mac-address H-H-H]

 MAC address                  : ????-????-????
 AP name                      : ap9
 Radio ID                     : 3
 SSID                         : Oasis Staff
 BSSID                        : 441a-fa32-cd11
 RSSI                         : 21
 Sent frames:
   Back ground                : 1/46 (frames/bytes)
   Best effort                : 103836/112765717 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 4/736 (frames/bytes)
 Received frames:
   Back ground                : 0/0 (frames/bytes)
   Best effort                : 68224/6888394 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 0/0 (frames/bytes)
 Discarded frames:
   Back ground                : 0/0 (frames/bytes)
   Best effort                : 0/0 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 0/0 (frames/bytes)

 


 

 


logbuffer

 

reset logbuffer

display logbuffer
 


Portal

 

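Components

  • Portal web server (usually combined with the portal authentication server)
  • Portal authentication server
  • AAA server (interacts with the access device (switch, router)) [RADIUS/LDAP]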

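Process

  1. Before authentication, all of the user's HTTP requests are redirected to the portal web server.
  2. During authentication, identity authentication, authorization, and accounting are completed by interacting with the portal authentication server and the AAA server.
  3. After authentication succeeds, the user is allowed to access the authorized Internet resources.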

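Lightweight portal vs. ordinary portal

Lightweight portal, also called OAuth authentication, exchanges authentication messages over HTTPS, whereas ordinary portal authenticates using UDP portal packets and RADIUS packets.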

Setting

local-user MyPortalUser class network
 password cipher ????
 access-limit 1024
 service-type portal
 authorization-attribute idle-cut 15
 authorization-attribute user-role network-operator
 description for portal

# class:
#  manage   Device management user
#  network  Network access user

portal user-logoff after-client-offline enable       # automatic logout of wireless portal users

portal free-rule 1 destination ip 8.8.4.4 255.255.255.255 udp 53
portal free-rule 2 destination ip 8.8.8.8 255.255.255.255 udp 53

domain mydomain
 authorization-attribute session-timeout 60  # time limit: 1 hour
 accounting start-fail offline
 authorization-attribute idle-cut 15 1024    # cut off if traffic within 15 minutes is below 1024 bytes
 authentication portal local
 authorization portal local
 accounting portal local

portal web-server MyPortal
 url http://192.168.13.2/portal
 url-parameter ip source-address
 url-parameter mac source-mac
 url-parameter ssid ssid
 server-type imc                             # the default portal web server type is iMC

portal local-web-server http
 default-logon-page defaultfile.zip

wlan service-template 3
 ssid test123
 vlan 13
 portal enable method direct        # enable portal authentication
 portal domain mydomain             # every portal user belongs to an authentication domain and is authenticated/authorized/accounted within it
 portal apply web-server MyPortal   # use "MyPortal"
 portal user-dhcp-only
 service-template enable

Portal Web

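  • cmcc: the portal server type is a server that conforms to the China Mobile standard
  • imc: the portal server type is a server that conforms to the iMC standard
  • oauth: the portal web server type is a server that conforms to the Oasis platform standard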

start-fail

domain mydomain
 accounting start-fail offline
 ...

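"accounting start-fail": whether the user is allowed to access the network after the device fails to send an accounting-start request to the accounting server

offline: if accounting start fails for the user, the user is not allowed to stay online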
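
An offline consistency check for the portal settings shown under Setting and start-fail, added here as an example; it is not part of the original notes or of any H3C tool. It assumes a saved configuration in the indented text form used above and that every portal-enabled service template names its domain explicitly; service-template 4 in the sample is hypothetical.

```python
# Constructed input based on the page's Setting section; template 4 is hypothetical.
SAMPLE = """\
domain mydomain
 accounting start-fail offline
portal web-server MyPortal
 url http://192.168.13.2/portal
wlan service-template 3
 portal enable method direct
 portal domain mydomain
 portal apply web-server MyPortal
 portal user-dhcp-only
wlan service-template 4
 portal enable method direct
 portal domain otherdomain
"""

def parse_views(text):
    """Map each unindented view line to its indented sub-commands."""
    views, current = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing "# note" text
        if line.startswith(" "):
            current.append(line.strip())
        elif line:
            current = views.setdefault(line, [])
    return views

def arg(cmds, prefix):  # last word of the first matching sub-command, else None
    return next((c.split()[-1] for c in cmds if c.startswith(prefix)), None)

def audit(text):
    """Return (template, issue) pairs for portal-enabled service templates."""
    views, out = parse_views(text), []
    for view, cmds in views.items():
        if not view.startswith("wlan service-template ") or arg(cmds, "portal enable") is None:
            continue
        dom = views.get(f"domain {arg(cmds, 'portal domain ')}", [])
        web = views.get(f"portal web-server {arg(cmds, 'portal apply web-server ')}")
        checks = [
            ("portal user-dhcp-only" not in cmds, "portal user-dhcp-only not set"),
            ("accounting start-fail offline" not in dom, "portal domain lacks start-fail offline"),
            (web is None, "portal web-server not applied or not defined"),
            (any(c.startswith("url http://") for c in web or []), "portal url uses plain http"),
        ]
        out += [(view.split()[-1], msg) for bad, msg in checks if bad]
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
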

Checking

display domain

...
Domain: mydomain
  State: Active
  Portal  authentication scheme:  Local
  Portal  authorization  scheme:  Local
  Portal  accounting     scheme:  Local
  Default authentication scheme:  Local
  Default authorization  scheme:  Local
  Default accounting     scheme:  Local
  Accounting start failure action: Offline
  Accounting update failure action: Online
  Accounting quota out action: Offline
  Service type: HSI
  Session time: Exclude idle time
  DHCPv6-follow-IPv6CP timeout: 60 seconds
  Authorization attributes:
    Idle cut: Disabled
    Session timeout: 60 minutes
    IGMP access limit: 4
    MLD access limit: 4

Default domain name: system

display portal web-server

Portal Web server: MyPortal
  Type             : IMC
  URL              : http://192.168.13.2/portal/
  URL parameters   : ip=source-address
                     mac=source-mac
                     ssid=ssid
  VPN instance     : Not configured
  Server detection : Interval: 5 s  Attempts: 3  Action: log
  IPv4 status      : Up
  IPv6 status      : N/A
  Captive-bypass   : Disabled
  If-match         : Not configured

# check online user

display portal user count

Total number of users: 1

display portal user all

Total portal users: 0

OR

Total portal users: 1
Username: MyPortalUser
  AP name: ap27
  Radio ID: 1
  SSID: MySSID
  Portal server: N/A
  State: Online
  VPN instance: N/A
  MAC             IP                    VLAN    Interface
  ????-????-????  192.168.13.101        13      WLAN-BSS1/0/184
  Authorization information:
    DHCP IP pool: N/A
    User profile: N/A
    Session group profile: N/A
    ACL number: N/A
    Inbound CAR: N/A
    Outbound CAR: N/A

# By Username

display portal user username MyPortalUser

# By IP

display portal user ip 192.168.13.101

display portal user all brief

  IP address          Mac address         Online duration     Username
  192.168.13.117      ????-????-????      00:51:25            MyPortalUser

display portal user all verbose

...
AAA:
  Realtime accounting interval: 0s, retry times: 1
  Idle cut: N/A
  Session duration: 3600 sec, remaining: 438 sec
  Remaining traffic: N/A
  Login time: 2020-03-27 11:43:59 UTC+8
  Online time(hh:mm:ss): 00:52:42
  DHCP IP pool: N/A
...
Flow statistic:
  Uplink   packets/bytes: 88468/62991160
  Downlink packets/bytes: 125424/114578732

display portal auth-error-record all

Total authentication error records: 0

display portal auth-fail-record all

Total authentication fail records: 0

Force logoff

portal delete-user ?

  X.X.X.X    Specify a portal user by the IPv4 address
  all        All online portal users
  auth-type  Specify an authentication type
  interface  Portal users on an interface
  ipv6       Specify a portal user by the IPv6 address
  mac        Specify a MAC address
  username   Specify a username

Allow only DHCP users to come online through portal

system-view
wlan service-template 3
portal user-dhcp-only

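With this feature configured, portal users whose IP addresses are statically configured cannot come online. This setting does not affect users who are already online.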

maximum number of portal users

By default, no limit is set on the number of portal users on an interface.

By default, no limit is set on the global number of portal users.

If you set the maximum number smaller than the current number of portal users on an interface, this configuration still takes effect. The online users are not affected but the system forbids new portal users to log in from the interface.

Setting the maximum number of portal users on an interface

1.     Enter system view.

system-view

2.     Enter Layer 3 interface view.

interface interface-type interface-number

3.     Set the maximum number of portal users.

portal { ipv4-max-user | ipv6-max-user } max-number

Setting the global maximum number of portal users

1.     Enter system view.

system-view

2.     Set the global maximum number of portal users.

portal max-user max-number

If you set the global maximum number smaller than the number of current online portal users on the device, this configuration still takes effect. The online users are not affected but the system forbids new portal users to log in.

Other Setting

portal host-check enable

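Validity check for wireless portal clients.

By default, the wireless portal client validity check is disabled, and the device checks portal clients only against ARP entries.

In a wireless network that uses local forwarding mode, the AC has no ARP entries for portal clients. To ensure that legitimate users can perform portal authentication, the wireless portal client validity check must be enabled.

With this feature enabled, when the device receives an authentication packet from an unauthenticated portal user, it checks the user's validity against the WLAN snooping table, the DHCP snooping table, and the ARP table.

If the portal client's information is found in these three tables, the client is considered valid and is allowed to perform portal authentication.

Use the display ip source binding command to view information about WLAN snooping entries or DHCP snooping entries.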

captive-bypass

Prevent automatic popup of the portal authentication page

By default, the captive-bypass feature is disabled.

---

The device automatically pushes the portal authentication page to iOS mobile devices and some Android mobile devices when they are connected to a portal-enabled network.

---

The captive-bypass feature enables the device to push the portal authentication page to the iOS and Android devices only when the users access the Internet by using a browser.

---

If the users do not perform authentication but press the home button to return to the desktop, the Wi-Fi connection is terminated. To maintain the Wi-Fi connection in such cases, you can enable the optimized captive-bypass feature.

---

Remark

Android has the captiveportallogin app, which performs portal detection.